Open oldesec opened 5 years ago
Hi there!
For subdomain takeovers specifically, it really only makes sense to check for stale CNAME records. I think I understand what you're saying about subdomains pointing to IP addresses they no longer control/own, but taking those over is usually improbable due to providers assigning IPs somewhat randomly.
Is that what you're asking?
@jakejarvis Thank you for your kind reply.
Sometimes you can take over subdomains if they use A records. I want to detect it.
Here's a case. Ref: https://blog.initd.sh/others-attacks/mis-configuration/subdomain-takeover-explained/ (Only Tilda page)
Ah, thanks for the link. I see what you're saying about services providing the same IPs for users that can't use CNAMEs. I think Tumblr, GitHub Pages, and Bitly do the same. This should be doable, I'll definitely take a look!
@jakejarvis Good. Exactly. Hmm... Many tools do not support this feature. I do not know why.
Hi.
Is there a way to check A records?
Or only a CNAME check?
Thanks.
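The A-record check discussed in this thread, sketched for auditing your own zone export (an added example, not code from this project or from any commenter). The service table, its networks (RFC 5737 documentation ranges), suffixes and "unclaimed" markers are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
from collections import namedtuple

# cname_suffixes: hostnames customers CNAME to
# a_networks: shared IPs the service gives customers who must use A records
# unclaimed_marker: text the service serves for a hostname nobody has claimed
Service = namedtuple("Service", "name cname_suffixes a_networks unclaimed_marker")

# Constructed placeholder data, not real provider ranges or fingerprints.
SERVICES = (
    Service("example-pages", ("pages.example.net",),
            (ipaddress.ip_network("192.0.2.0/28"),), "No site is configured here"),
    Service("example-links", ("links.example.org",),
            (ipaddress.ip_network("198.51.100.7/32"),), "Unknown custom domain"),
)

def match_service(rtype, value, services=SERVICES):
    """Return the service a DNS record points at, or None."""
    if rtype == "CNAME":
        target = value.rstrip(".").lower()
        for svc in services:
            if any(target == s or target.endswith("." + s) for s in svc.cname_suffixes):
                return svc
    elif rtype in ("A", "AAAA"):
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            return None  # malformed record value in the export
        for svc in services:
            if any(addr in net for net in svc.a_networks):
                return svc
    return None

def audit(records, bodies, services=SERVICES):
    """records: (name, type, value) tuples from your own zone.
    bodies: name -> HTTP body already fetched using that name as the Host.
    A name is flagged only if it points at a service AND the service
    answers with its unclaimed marker; a shared IP alone proves nothing."""
    findings = []
    for name, rtype, value in records:
        svc = match_service(rtype.upper(), value, services)
        if svc and svc.unclaimed_marker in bodies.get(name, ""):
            findings.append((name, rtype.upper(), svc.name))
    return findings

# Constructed sample zone and responses.
SAMPLE_RECORDS = [("blog.example.com", "A", "192.0.2.5"), ("shop.example.com", "A", "192.0.2.6"),
                  ("go.example.com", "CNAME", "cust.links.example.org."), ("vpn.example.com", "A", "203.0.113.9")]
SAMPLE_BODIES = {"blog.example.com": "<h1>No site is configured here</h1>", "shop.example.com": "<h1>Welcome</h1>",
                 "go.example.com": "Unknown custom domain", "vpn.example.com": "No site is configured here"}
```

Flagged names are stale records to delete or re-claim at the provider; `shop.example.com` shares the same IP range but is not flagged because the service still serves a configured site for it.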